Transforms - Escalate by Count

From Zenoss Wiki
Revision as of 05:48, 24 November 2012 by Chet Luther

The following transform will escalate an event's severity to critical if it has occurred more than three times in a row without clearing.

This example is nearly twice as long as it would ordinarily need to be because it is compatible with both Zenoss 3 and Zenoss 4. The event management system, and therefore the way we look up the current count for the incoming event, changed drastically between these versions.

# Initialize existing_count.
existing_count = 0
 
# Prefix for fingerprint (dedupid).
dedupfields = [evt.device, evt.component, evt.eventClass]
 
if 'getFacade' in globals() and getFacade('zep'):
    # Zenoss >=4 method.
    if getattr(evt, 'eventKey', False):
        dedupfields += [evt.eventKey, evt.severity]
    else:
        dedupfields += [evt.severity, evt.summary]
 
    zep = getFacade('zep')
    evt_filter = zep.createEventFilter(
        status=(0,1,2),
        fingerprint='|'.join(map(str, dedupfields)))
 
    summaries = zep.getEventSummaries(0, 1, filter=evt_filter)
    if summaries['total']:
        existing_count = list(summaries['events'])[0]['count']
else:
    # Zenoss <4 method.
    if getattr(evt, 'eventKey', False):
        dedupfields += [evt.eventKey, evt.severity]
    else:
        dedupfields += [evt.eventKey, evt.severity, evt.summary]
 
    em = dmd.Events.getEventManager()
    em.cleanCache()
    try:
        db_evt = em.getEventDetail(dedupid='|'.join(map(str, dedupfields)))
        existing_count = db_evt.count
    except Exception:
        pass
 
# Do what you like with the count and event;
# In this example we up the severity to CRITICAL if the count is > 3
if existing_count > 3:
    evt.severity = 5